General
Target: aggah.ps1
Size: 1.1MB
Sample: 221206-z6p32sgh4s
MD5: 8763a2445fde1b8c315ac06e4123207a
SHA1: 84e8a98f70acce9988adf826ca0c52aaf66b21c2
SHA256: fa8f6002a8d571256dc88960a69ab44c7cbf65227c45e5b4750007d5749bbd44
SHA512: 57b8fa11f322fd4f39608fa511b21c4560c9812743dfe57f49297995aad57b2945c0d370e12aa343cb84374126eb3bb51a20555db564255963512a19793cde4f
SSDEEP: 12288:Cjx24c7RmYLQoSlhO5vLIyEDlzvOLHCKzR6VpPXncijT9L:CeRm6QoSlhOXqrOLHCn4ijTN
Static task: static1
Behavioral task: behavioral1 (Sample: aggah.ps1, Resource: win10-20220901-en)
Behavioral task: behavioral2 (Sample: aggah.ps1, Resource: win7-20221111-en)
Malware Config
Extracted
Protocol: ftp
Host: 195.178.120.64
Port: 21
Username: ashgdlkhfg3
Password: jfghfjg]45
Targets
Score: 10/10
Signatures:
- Registers COM server for autorun
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext